Hi Paul,
Firstly, your last ":" in the function should be "::".
The customizable fields simply control which fields can be altered via the admin panel action editor (Setup -> Actions).
min_forum_permission controls permissions on a forum basis, however looking at the code it seems that it only works when the action is named forum_... or post_... I've updated this for 1.1.5 so that it works with any action. Note, however, that the _auth_* variables described below do not work for any action beginning with "forum".
When the action is forum_*, it looks for $IN->param("forum") and uses that as the forum ID. For post_* actions, by default it looks for $IN->param('post') or $IN->param('forum') and authenticates off one of those. You can, however, alter this behaviour using the _auth_* keys (see, for example, the post_reply_write and post_attachment_delete actions).
_auth_redo, _auth_param, and _auth_type work like this:
_auth_param is the input parameter to use for authentication.
_auth_type can be one of: 'post', 'postatt', 'forum', or 'forum&post'. The first three look at $IN->param(value of _auth_param) and assume that it is the post id, attachment id, or forum id. Remember, all of this is ultimately used to calculate the forum_id.
The last, 'forum&post' looks for something like 'foo&bar' in the _auth_param field, then looks for $IN->param('foo'), which it assumes to be a forum ID, and $IN->param('bar') which is a post ID. In this case, BOTH the forum (foo) and the forum of the post (bar) must meet the minimum forum permission. This is used for post_move and post_detach, which deal with two different forums (the one being moved from, and the one being moved to). This method also expects min_forum_permission to be something like '5&6' - 5 is the permission required for the 'foo' forum, and 6 is the permission required for the forum that post 'bar' belongs to.
_auth_redo makes things a bit more confusing. If it is set, _auth_redo will be a pipe (|) delimited list of possible values for $IN->param('redo'). _auth_param and _auth_type will also become pipe-delimited. Basically, it works by looking to see which value matches, and uses the _auth_type and _auth_param value in the same location. For example, suppose I have this:
_auth_redo: abc|def|ghi
_auth_type: post|forum|forum&post
_auth_param: post|forum_id|forum_id&post_id
The authentication routine will look at $IN->param('redo'). If it equals 'abc', it will use 'post' for _auth_type and 'post' for _auth_param. Things then continue as described above. Likewise, if it is 'def', 'forum' and 'forum_id' will be the _auth_type and _auth_param values, respectively. 'ghi' will result in 'forum&post', 'forum_id&post_id'.
Once the authentication type has been decided, the authentication proceeds as described above.
Jason Rhinelander
Gossamer Threads jason@gossamer-threads.com